Role-based permissions in Exchange Server 2010 simplify the work of managing which users or groups of users can perform Exchange tasks. Exchange Server 2010 offers built-in management roles that administrators can use to manage the Exchange organization. Each built-in role acts as a logical grouping of permissions, and when a user is added to that role, the user inherits those permissions.
We can assign roles to role groups or directly to users. We can also assign roles through role policies that are then applied to role groups, users, or both. By assigning roles, you grant permission to perform management tasks.

You can assign role-based permissions to any mailbox-enabled user account. You can assign role-based permissions to any universal security group. You cannot assign role-based permissions to security groups with the domain local or global scope. You cannot assign role-based permissions to distribution groups regardless of scope.
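
The assignment rules above can be exercised and reviewed from the Exchange Management Shell. The following is an added example, not code from the original post: it checks that a group is a universal security group before assigning a role to it, then lists everyone who effectively holds a few broad roles from the tables on this page. The group, user and assignment names are hypothetical, and using the Active Directory module's `Get-ADGroup` for the scope check is an assumption.

```powershell
# Added example: run in the Exchange Management Shell (Exchange Server 2010).
# All group, user and assignment names below are hypothetical placeholders.
Import-Module ActiveDirectory   # assumption: the AD module is installed for Get-ADGroup

function Test-RbacAssignableGroup {
    param([Parameter(Mandatory = $true)][string]$GroupName)
    # Only universal security groups can receive role assignments;
    # domain local or global security groups and distribution groups cannot.
    $g = Get-ADGroup -Identity $GroupName
    return ($g.GroupScope -eq 'Universal' -and $g.GroupCategory -eq 'Security')
}

# 1. Role group: bundle two organization-scope roles and add a member.
New-RoleGroup -Name 'Helpdesk Recipient Admins' `
    -Roles 'Mail Recipients', 'Message Tracking' `
    -Members 'jsmith'

# 2. Direct assignment to an existing group, only after checking scope and type.
$group = 'Transport Rule Editors'
if (Test-RbacAssignableGroup -GroupName $group) {
    New-ManagementRoleAssignment -Name 'Transport Rules-TRE' `
        -Role 'Transport Rules' -SecurityGroup $group
} else {
    Write-Warning "$group is not a universal security group; assignment skipped."
}

# 3. Review: list every effective holder of roles that grant broad access,
#    including users who receive the role through a role group or security group.
$sensitiveRoles = 'Role Management', 'Active Directory Permissions',
                  'Mailbox Import Export', 'Mailbox Search'
foreach ($role in $sensitiveRoles) {
    Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
        Select-Object Role, EffectiveUserName, RoleAssigneeName,
                      RoleAssigneeType, AssignmentMethod
}
```
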
Management Roles with an Organization Scope
| MANAGEMENT ROLE | ENABLES MANAGERS TO… |
|---|---|
| Active Directory Permissions | Configure Active Directory permissions in an organization. Keep in mind that permissions set directly on Active Directory objects cannot be enforced through RBAC. |
| Address Lists | Manage address lists, the global address list, and offline address lists in an organization. |
| Audit Logs | Manage audit logs in an organization. |
| Cmdlet Extension Agents | Manage cmdlet extension agents in an organization. |
| Database Availability Groups | Manage database availability groups in an organization. |
| Disaster Recovery | Restore mailboxes and database availability groups in an organization. |
| Distribution Groups | Create and manage distribution groups and distribution group members in an organization. |
| Edge Subscriptions | Manage edge synchronization and subscription configuration between Edge Transport servers and Hub Transport servers in an organization. |
| E-Mail Address Policies | Manage e-mail address policies in an organization. |
| Exchange Connectors | Manage routing group connectors, delivery agent connectors, and other connectors used for transport. This role doesn't enable administrators to manage Send and Receive connectors. |
| Federated Sharing | Manage cross-forest and cross-organization sharing in an organization. |
| Information Rights Management | Manage the Information Rights Management (IRM) features of Exchange in an organization. |
| Journaling | Manage journaling configuration in an organization. |
| Legal Hold | Configure whether data within a mailbox should be retained for litigation purposes in an organization. |
| Mail Enabled Public Folders | Configure whether individual public folders are mail-enabled or mail-disabled in an organization. |
| Mail Recipient Creation | Create mailboxes, mail users, mail contacts, distribution groups, and dynamic distribution groups in an organization. |
| Mail Recipients | Manage existing mailboxes, mail users, mail contacts, distribution groups, and dynamic distribution groups in an organization. This does not enable administrators to create these recipients. |
| Mail Tips | Manage mail tips in an organization. |
| Mailbox Import Export | Import or export mailbox content, as well as purge unwanted content. |
| Mailbox Search | Search the content of one or more mailboxes in an organization. |
| Message Tracking | Track messages in an organization. |
| Monitoring | Monitor the Microsoft Exchange services and component availability in an organization. |
| Move Mailboxes | Move mailboxes between servers in an organization and between servers in the local organization and another organization. |
| Organization Client Access | Manage Client Access server settings in an organization. |
| Organization Configuration | Manage basic organization-wide settings. This role type doesn't include the permissions included in the Organization Client Access or Organization Transport Settings role types. |
| Organization Transport Settings | Manage organization-wide transport settings, including system messages, site configuration, and so forth. This role doesn't enable administrators to create or manage transport Receive or Send connectors, queues, hygiene, agents, remote and accepted domains, or rules. |
| Public Folder Replication | Start and stop public folder replication in an organization. |
| Public Folders | Manage public folders in an organization. This role type doesn't enable you to manage whether public folders are mail-enabled or to manage public folder replication. |
| Recipient Policies | Manage recipient policies, such as provisioning policies, in an organization. |
| Retention Management | Manage retention policies in an organization. |
| Role Management | Manage management role groups, role assignment policies, management roles, role entries, assignments, and scopes in an organization. Users assigned roles associated with this role type can override the Managed By property for role groups, configure any role group, and add or remove members to or from any role group. |
| Security Group Creation and Membership | Create and manage security groups and their memberships in an organization. |
| Send Connectors | Manage transport Send connectors in an organization. |
| Support Diagnostics | Perform advanced diagnostics under the direction of Microsoft support services. |
| Transport Agents | Manage transport agents in an organization. |
| Transport Hygiene | Manage antivirus and antispam features in an organization. |
| Transport Rules | Manage transport rules. |
| UM Mailboxes | Manage the unified messaging (UM) configuration of mailboxes and other recipients. |
| UM Prompts | Create and manage custom UM voice prompts. |
| Unified Messaging | Manage Unified Messaging servers. This role doesn't enable administrators to manage UM-specific mailbox configuration or UM prompts. |
| Unscoped Role Management | Create and manage unscoped top-level management roles. |
| User Options | View the Microsoft Outlook Web Access options for users. |
| View-Only Configuration | View all of the nonrecipient Exchange configuration settings. |
| View-Only Recipients | View the configuration of recipients, including mailboxes, mail users, mail contacts, distribution groups, and dynamic distribution groups. |

Management Roles with a Server Scope
| MANAGEMENT ROLE | ENABLES MANAGERS TO… |
|---|---|
| Database Copies | Manage mailbox database copies on individual servers. |
| Databases | Create, manage, mount, and dismount mailbox and public folder databases on individual servers. |
| Exchange Server Certificates | Create, import, export, and manage Exchange server certificates on individual servers. |
| Exchange Servers | Manage Exchange server configuration on individual servers. |
| Exchange Virtual Directories | Manage Autodiscover, Outlook Web App, Exchange ActiveSync, offline address book (OAB), Windows PowerShell, and Web administration interface virtual directories on individual servers. |
| Migration | Migrate mailboxes and mailbox content into or out of a server. |
| POP3 and IMAP4 Protocols | Manage Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4 (IMAP4) configuration, such as authentication and connection settings, on individual servers. |
| Receive Connectors | Manage transport Receive connector configuration, such as size limits on an individual server. |
| Transport Queues | Manage transport queues on an individual server. |

Management Roles with a User Scope
| MANAGEMENT ROLE | ENABLES MANAGERS TO… |
|---|---|
| MyBaseOptions | View and modify the basic configuration of their own mailbox and associated settings. |
| MyContactInformation | Modify their contact information. This information includes their address and phone numbers. |
| MyDistributionGroupMembership | View and modify their membership in distribution groups in an organization, provided that those distribution groups allow manipulation of group membership. |
| MyDistributionGroups | Create, modify, and view distribution groups and modify, view, remove, and add members to distribution groups they own. |
| MyProfileInformation | Modify their name. |
| MyRetentionPolicies | View their retention tags, and view and modify their retention tag settings and defaults. |
| MyVoiceMail | View and modify their voice mail settings. |